From 3691fe5d6bf3639b429e200db852a8df3c3cd632 Mon Sep 17 00:00:00 2001 From: Johannes Nussbaum Date: Fri, 9 Aug 2024 19:13:40 +0200 Subject: [PATCH 1/6] edit --- dsp_permissions_scripts/template.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/dsp_permissions_scripts/template.py b/dsp_permissions_scripts/template.py index 60f88b5b..b49240ba 100644 --- a/dsp_permissions_scripts/template.py +++ b/dsp_permissions_scripts/template.py @@ -12,7 +12,7 @@ from dsp_permissions_scripts.doap.doap_set import apply_updated_doaps_on_server from dsp_permissions_scripts.models import group from dsp_permissions_scripts.models.host import Hosts -from dsp_permissions_scripts.models.scope import PUBLIC +from dsp_permissions_scripts.models.scope import PUBLIC, PermissionScope from dsp_permissions_scripts.oap.oap_get import get_all_oaps_of_project from dsp_permissions_scripts.oap.oap_model import Oap from dsp_permissions_scripts.oap.oap_model import OapRetrieveConfig @@ -77,6 +77,12 @@ def update_aps(host: str, shortcode: str, dsp_client: DspClient) -> None: existing_aps=project_aps, forGroup=group.UNKNOWN_USER, dsp_client=dsp_client, + ) + _ = create_new_ap_on_server( # noqa: F821 + forGroup=group.CREATOR, + shortcode=shortcode, + hasPermissions=frozenset({ApValue.ProjectResourceCreateAllPermission}), + dsp_client=dsp_client, ) modified_aps = modify_aps(remaining_aps) if not modified_aps: @@ -100,6 +106,12 @@ def update_doaps(host: str, shortcode: str, dsp_client: DspClient) -> None: shortcode=shortcode, mode="original", host=host, + ) + _ = create_new_doap_on_server( # noqa: F821 + target=group.CREATOR, # solve this differently: it should be a DoapTarget, but the project IRI is not known yet. it could be for a group, for a class, or a property + shortcode=shortcode, + scope=PermissionScope(), + dsp_client=dsp_client, ) project_doaps_modified = modify_doaps(doaps=project_doaps) if not project_doaps_modified: From 9f8c84e17cfc951b455bb6a4f9c16fd3024119db Mon Sep 17 00:00:00 2001 From: Johannes Nussbaum Date: Fri, 9 Aug 2024 21:11:14 +0200 Subject: [PATCH 2/6] edit --- dsp_permissions_scripts/doap/doap_model.py | 21 ++++++++++++++++++++ dsp_permissions_scripts/doap/doap_set.py | 23 ++++++++++++++++++++++ dsp_permissions_scripts/template.py | 13 +++++++----- 3 files changed, 52 insertions(+), 5 deletions(-) diff --git a/dsp_permissions_scripts/doap/doap_model.py b/dsp_permissions_scripts/doap/doap_model.py index fe71fa75..faa2e875 100644 --- a/dsp_permissions_scripts/doap/doap_model.py +++ b/dsp_permissions_scripts/doap/doap_model.py @@ -38,6 +38,27 @@ def assert_correct_combination(self) -> Self: return self +class NewDoapTarget(BaseModel): + """Represents the target of a DOAP that is yet to be created.""" + + group: Group | None = None + resource_class: str | None = None + property: str | None = None + + @model_validator(mode="after") + def assert_correct_combination(self) -> Self: + # asserts that DOAP is only defined for Group or ResourceClass or Property + # or a combination of ResourceClass and Property + match (self.group, self.resource_class, self.property): + case (None, None, None): + raise ValueError("At least one of group, resource_class or property must be set") + case (_, None, None) | (None, _, _): + pass + case _: + raise ValueError("Invalid combination of group, resource_class and property") + return self + + class DoapTargetType(Enum): ALL = "all" GROUP = "group" diff --git a/dsp_permissions_scripts/doap/doap_set.py b/dsp_permissions_scripts/doap/doap_set.py index 38d65a78..a31e9fbb 100644 --- a/dsp_permissions_scripts/doap/doap_set.py +++ b/dsp_permissions_scripts/doap/doap_set.py @@ -2,10 +2,12 @@ from dsp_permissions_scripts.doap.doap_get import create_doap_from_admin_route_response from dsp_permissions_scripts.doap.doap_model import Doap +from dsp_permissions_scripts.doap.doap_model import NewDoapTarget from dsp_permissions_scripts.models.errors import ApiError from dsp_permissions_scripts.models.scope import PermissionScope from dsp_permissions_scripts.utils.dsp_client import DspClient from dsp_permissions_scripts.utils.get_logger import get_logger +from dsp_permissions_scripts.utils.project import get_project_iri_and_onto_iris_by_shortcode from dsp_permissions_scripts.utils.scope_serialization import create_admin_route_object_from_scope logger = get_logger(__name__) @@ -35,3 +37,24 @@ def apply_updated_scopes_of_doaps_on_server(doaps: list[Doap], host: str, dsp_cl except ApiError as err: logger.error(err) logger.info(f"Finished updating scopes of {len(doaps)} DOAPs on {host}") + + +def create_new_doap_on_server( + target: NewDoapTarget, + shortcode: str, + scope: PermissionScope, + dsp_client: DspClient, +) -> Doap: + proj_iri, _ = get_project_iri_and_onto_iris_by_shortcode(shortcode) + payload = { + "forGroup": target.group, + "forProject": proj_iri, + "forProperty": target.property, + "forResourceClass": target.resource_class, + "hasPermissions": create_admin_route_object_from_scope(scope), + } + try: + dsp_client.post("/admin/permissions/doap", data=payload) + logger.info(f"Successfully created new DOAP for target {target}") + except ApiError: + logger.error(f"Could not create new DOAP for target {target}") diff --git a/dsp_permissions_scripts/template.py b/dsp_permissions_scripts/template.py index e117d44d..43c30a28 100644 --- a/dsp_permissions_scripts/template.py +++ b/dsp_permissions_scripts/template.py @@ -8,11 +8,14 @@ from dsp_permissions_scripts.ap.ap_set import apply_updated_scopes_of_aps_on_server from dsp_permissions_scripts.doap.doap_get import get_doaps_of_project from dsp_permissions_scripts.doap.doap_model import Doap +from dsp_permissions_scripts.doap.doap_model import NewDoapTarget from dsp_permissions_scripts.doap.doap_serialize import serialize_doaps_of_project from dsp_permissions_scripts.doap.doap_set import apply_updated_scopes_of_doaps_on_server +from dsp_permissions_scripts.doap.doap_set import create_new_doap_on_server from dsp_permissions_scripts.models import group from dsp_permissions_scripts.models.host import Hosts -from dsp_permissions_scripts.models.scope import PUBLIC, PermissionScope +from dsp_permissions_scripts.models.scope import PUBLIC +from dsp_permissions_scripts.models.scope import PermissionScope from dsp_permissions_scripts.oap.oap_get import get_all_oaps_of_project from dsp_permissions_scripts.oap.oap_model import Oap from dsp_permissions_scripts.oap.oap_model import OapRetrieveConfig @@ -78,10 +81,10 @@ def update_aps(host: str, shortcode: str, dsp_client: DspClient) -> None: forGroup=group.PROJECT_MEMBER, dsp_client=dsp_client, ) - _ = create_new_ap_on_server( # noqa: F821 + _ = create_new_ap_on_server( forGroup=group.CREATOR, shortcode=shortcode, - hasPermissions=frozenset({ApValue.ProjectResourceCreateAllPermission}), + hasPermissions=[ApValue.ProjectResourceCreateAllPermission], dsp_client=dsp_client, ) modified_aps = modify_aps(remaining_aps) @@ -107,8 +110,8 @@ def update_doaps(host: str, shortcode: str, dsp_client: DspClient) -> None: mode="original", host=host, ) - _ = create_new_doap_on_server( # noqa: F821 - target=group.CREATOR, # solve this differently: it should be a DoapTarget, but the project IRI is not known yet. it could be for a group, for a class, or a property + _ = create_new_doap_on_server( + target=NewDoapTarget(group=group.CREATOR), shortcode=shortcode, scope=PermissionScope(), dsp_client=dsp_client, From a4df80c987aff6ab010a8053b0f186258b703070 Mon Sep 17 00:00:00 2001 From: Johannes Nussbaum Date: Fri, 9 Aug 2024 21:22:24 +0200 Subject: [PATCH 3/6] finish code --- dsp_permissions_scripts/ap/ap_set.py | 26 ++++++++++++++++++++++++ dsp_permissions_scripts/doap/doap_set.py | 10 +++++---- dsp_permissions_scripts/template.py | 1 + 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/dsp_permissions_scripts/ap/ap_set.py b/dsp_permissions_scripts/ap/ap_set.py index 8445fedc..5245ab8e 100644 --- a/dsp_permissions_scripts/ap/ap_set.py +++ b/dsp_permissions_scripts/ap/ap_set.py @@ -4,9 +4,12 @@ from dsp_permissions_scripts.ap.ap_get import create_admin_route_object_from_ap from dsp_permissions_scripts.ap.ap_get import create_ap_from_admin_route_object from dsp_permissions_scripts.ap.ap_model import Ap +from dsp_permissions_scripts.ap.ap_model import ApValue from dsp_permissions_scripts.models.errors import ApiError +from dsp_permissions_scripts.models.group import Group from dsp_permissions_scripts.utils.dsp_client import DspClient from dsp_permissions_scripts.utils.get_logger import get_logger +from dsp_permissions_scripts.utils.project import get_project_iri_and_onto_iris_by_shortcode logger = get_logger(__name__) @@ -36,3 +39,26 @@ def apply_updated_scopes_of_aps_on_server(aps: list[Ap], host: str, dsp_client: except ApiError as err: logger.error(err) logger.info(f"Finished updating scopes of {len(aps)} Administrative Permissions on {host}") + + +def create_new_ap_on_server( + forGroup: Group, + shortcode: str, + hasPermissions: list[ApValue], + dsp_client: DspClient, +) -> Ap | None: + proj_iri, _ = get_project_iri_and_onto_iris_by_shortcode(shortcode, dsp_client) + payload = { + "forGroup": forGroup.val, + "forProject": proj_iri, + "hasPermissions": [ + {"additionalInformation": None, "name": ap_val, "permissionCode": None} for ap_val in hasPermissions + ], + } + try: + response = dsp_client.post("/admin/permissions/ap", data=payload) + logger.info(f"Successfully created new AP for group {forGroup}") + return create_ap_from_admin_route_object(response["administrative_permission"]) + except ApiError: + logger.error(f"Could not create new AP for group {forGroup}") + return None diff --git a/dsp_permissions_scripts/doap/doap_set.py b/dsp_permissions_scripts/doap/doap_set.py index a31e9fbb..264abc4b 100644 --- a/dsp_permissions_scripts/doap/doap_set.py +++ b/dsp_permissions_scripts/doap/doap_set.py @@ -44,17 +44,19 @@ def create_new_doap_on_server( shortcode: str, scope: PermissionScope, dsp_client: DspClient, -) -> Doap: - proj_iri, _ = get_project_iri_and_onto_iris_by_shortcode(shortcode) +) -> Doap | None: + proj_iri, _ = get_project_iri_and_onto_iris_by_shortcode(shortcode, dsp_client) payload = { - "forGroup": target.group, + "forGroup": target.group.val if target.group else None, "forProject": proj_iri, "forProperty": target.property, "forResourceClass": target.resource_class, "hasPermissions": create_admin_route_object_from_scope(scope), } try: - dsp_client.post("/admin/permissions/doap", data=payload) + response = dsp_client.post("/admin/permissions/doap", data=payload) logger.info(f"Successfully created new DOAP for target {target}") + return create_doap_from_admin_route_response(response["default_object_access_permission"]) except ApiError: logger.error(f"Could not create new DOAP for target {target}") + return None diff --git a/dsp_permissions_scripts/template.py b/dsp_permissions_scripts/template.py index 43c30a28..25a473db 100644 --- a/dsp_permissions_scripts/template.py +++ b/dsp_permissions_scripts/template.py @@ -6,6 +6,7 @@ from dsp_permissions_scripts.ap.ap_model import ApValue from dsp_permissions_scripts.ap.ap_serialize import serialize_aps_of_project from dsp_permissions_scripts.ap.ap_set import apply_updated_scopes_of_aps_on_server +from dsp_permissions_scripts.ap.ap_set import create_new_ap_on_server from dsp_permissions_scripts.doap.doap_get import get_doaps_of_project from dsp_permissions_scripts.doap.doap_model import Doap from dsp_permissions_scripts.doap.doap_model import NewDoapTarget From ec6ff3a707b4d708e6c71a90f05e9e556c227584 Mon Sep 17 00:00:00 2001 From: Johannes Nussbaum Date: Fri, 9 Aug 2024 21:52:56 +0200 Subject: [PATCH 4/6] write rudimentary unit test for create_new_ap_on_server() --- dsp_permissions_scripts/ap/ap_set.py | 2 +- tests/{test_ap.py => test_ap_model.py} | 0 tests/test_ap_set.py | 51 ++++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) rename tests/{test_ap.py => test_ap_model.py} (100%) create mode 100644 tests/test_ap_set.py diff --git a/dsp_permissions_scripts/ap/ap_set.py b/dsp_permissions_scripts/ap/ap_set.py index 5245ab8e..0c8ada69 100644 --- a/dsp_permissions_scripts/ap/ap_set.py +++ b/dsp_permissions_scripts/ap/ap_set.py @@ -52,7 +52,7 @@ def create_new_ap_on_server( "forGroup": forGroup.val, "forProject": proj_iri, "hasPermissions": [ - {"additionalInformation": None, "name": ap_val, "permissionCode": None} for ap_val in hasPermissions + {"additionalInformation": None, "name": ap_val.value, "permissionCode": None} for ap_val in hasPermissions ], } try: diff --git a/tests/test_ap.py b/tests/test_ap_model.py similarity index 100% rename from tests/test_ap.py rename to tests/test_ap_model.py diff --git a/tests/test_ap_set.py b/tests/test_ap_set.py new file mode 100644 index 00000000..2a4a29d3 --- /dev/null +++ b/tests/test_ap_set.py @@ -0,0 +1,51 @@ +from typing import Any +from unittest.mock import Mock + +import pytest + +from dsp_permissions_scripts.ap import ap_set +from dsp_permissions_scripts.ap.ap_model import ApValue +from dsp_permissions_scripts.ap.ap_set import create_new_ap_on_server +from dsp_permissions_scripts.models import group + + +@pytest.fixture() +def create_new_ap_request() -> dict[str, Any]: + return { + "forGroup": "knora-admin:Creator", # surprisingly, this works without context. Almost a bit uncanny... + "forProject": "http://rdfh.ch/projects/QykAkmHJTPS7ervbGynSHw", + "hasPermissions": [ + {"additionalInformation": None, "name": "ProjectResourceCreateAllPermission", "permissionCode": None} + ], + } + + +@pytest.fixture() +def create_new_ap_response() -> dict[str, Any]: + return { + "administrative_permission": { + "iri": "http://rdfh.ch/permissions/4123/8WIp72-IQeKjwL5y7cpNPQ", + "forProject": "http://rdfh.ch/projects/QykAkmHJTPS7ervbGynSHw", + "forGroup": "http://www.knora.org/ontology/knora-admin#Creator", + "hasPermissions": [{"name": "ProjectResourceCreateAllPermission"}], + } + } + + +def test_create_new_ap_on_server(create_new_ap_request: dict[str, Any], create_new_ap_response: dict[str, Any]) -> None: + ap_set.get_project_iri_and_onto_iris_by_shortcode = Mock( # type: ignore[attr-defined] + return_value=("http://rdfh.ch/projects/QykAkmHJTPS7ervbGynSHw", None) + ) + ap_set.create_ap_from_admin_route_object = Mock() # type: ignore[attr-defined] + dsp_client = Mock() + dsp_client.post = Mock(return_value=create_new_ap_response) + _ = create_new_ap_on_server( + forGroup=group.CREATOR, + shortcode="0000", + hasPermissions=[ApValue("ProjectResourceCreateAllPermission")], + dsp_client=dsp_client, + ) + dsp_client.post.assert_called_once_with("/admin/permissions/ap", data=create_new_ap_request) + ap_set.create_ap_from_admin_route_object.assert_called_once_with( # type: ignore[attr-defined] + create_new_ap_response["administrative_permission"] + ) From 6b497f83ec1db59af1494d10e7cfd48e02ade140 Mon Sep 17 00:00:00 2001 From: Johannes Nussbaum Date: Fri, 9 Aug 2024 22:10:18 +0200 Subject: [PATCH 5/6] small adaptions --- dsp_permissions_scripts/ap/ap_set.py | 5 +++-- dsp_permissions_scripts/doap/doap_set.py | 3 ++- dsp_permissions_scripts/template.py | 2 +- tests/test_ap_set.py | 3 ++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/dsp_permissions_scripts/ap/ap_set.py b/dsp_permissions_scripts/ap/ap_set.py index 0c8ada69..0ee3e2a8 100644 --- a/dsp_permissions_scripts/ap/ap_set.py +++ b/dsp_permissions_scripts/ap/ap_set.py @@ -9,6 +9,7 @@ from dsp_permissions_scripts.models.group import Group from dsp_permissions_scripts.utils.dsp_client import DspClient from dsp_permissions_scripts.utils.get_logger import get_logger +from dsp_permissions_scripts.utils.helpers import KNORA_ADMIN_ONTO_NAMESPACE from dsp_permissions_scripts.utils.project import get_project_iri_and_onto_iris_by_shortcode logger = get_logger(__name__) @@ -49,7 +50,7 @@ def create_new_ap_on_server( ) -> Ap | None: proj_iri, _ = get_project_iri_and_onto_iris_by_shortcode(shortcode, dsp_client) payload = { - "forGroup": forGroup.val, + "forGroup": forGroup.val.replace("knora-admin:", KNORA_ADMIN_ONTO_NAMESPACE), "forProject": proj_iri, "hasPermissions": [ {"additionalInformation": None, "name": ap_val.value, "permissionCode": None} for ap_val in hasPermissions @@ -57,7 +58,7 @@ def create_new_ap_on_server( } try: response = dsp_client.post("/admin/permissions/ap", data=payload) - logger.info(f"Successfully created new AP for group {forGroup}") + logger.info(f"Successfully created new AP for group {forGroup.val}") return create_ap_from_admin_route_object(response["administrative_permission"]) except ApiError: logger.error(f"Could not create new AP for group {forGroup}") diff --git a/dsp_permissions_scripts/doap/doap_set.py b/dsp_permissions_scripts/doap/doap_set.py index 264abc4b..15448975 100644 --- a/dsp_permissions_scripts/doap/doap_set.py +++ b/dsp_permissions_scripts/doap/doap_set.py @@ -7,6 +7,7 @@ from dsp_permissions_scripts.models.scope import PermissionScope from dsp_permissions_scripts.utils.dsp_client import DspClient from dsp_permissions_scripts.utils.get_logger import get_logger +from dsp_permissions_scripts.utils.helpers import KNORA_ADMIN_ONTO_NAMESPACE from dsp_permissions_scripts.utils.project import get_project_iri_and_onto_iris_by_shortcode from dsp_permissions_scripts.utils.scope_serialization import create_admin_route_object_from_scope @@ -47,7 +48,7 @@ def create_new_doap_on_server( ) -> Doap | None: proj_iri, _ = get_project_iri_and_onto_iris_by_shortcode(shortcode, dsp_client) payload = { - "forGroup": target.group.val if target.group else None, + "forGroup": target.group.val.replace("knora-admin:", KNORA_ADMIN_ONTO_NAMESPACE) if target.group else None, "forProject": proj_iri, "forProperty": target.property, "forResourceClass": target.resource_class, diff --git a/dsp_permissions_scripts/template.py b/dsp_permissions_scripts/template.py index 25a473db..401dcd09 100644 --- a/dsp_permissions_scripts/template.py +++ b/dsp_permissions_scripts/template.py @@ -114,7 +114,7 @@ def update_doaps(host: str, shortcode: str, dsp_client: DspClient) -> None: _ = create_new_doap_on_server( target=NewDoapTarget(group=group.CREATOR), shortcode=shortcode, - scope=PermissionScope(), + scope=PermissionScope.create(CR=[group.SYSTEM_ADMIN]), dsp_client=dsp_client, ) project_doaps_modified = modify_doaps(doaps=project_doaps) diff --git a/tests/test_ap_set.py b/tests/test_ap_set.py index 2a4a29d3..04e2844a 100644 --- a/tests/test_ap_set.py +++ b/tests/test_ap_set.py @@ -12,7 +12,8 @@ @pytest.fixture() def create_new_ap_request() -> dict[str, Any]: return { - "forGroup": "knora-admin:Creator", # surprisingly, this works without context. Almost a bit uncanny... + "forGroup": "http://www.knora.org/ontology/knora-admin#Creator", + # surprisingly, it also works with "knora-admin:Creator", without context. "forProject": "http://rdfh.ch/projects/QykAkmHJTPS7ervbGynSHw", "hasPermissions": [ {"additionalInformation": None, "name": "ProjectResourceCreateAllPermission", "permissionCode": None} From 760cda2b0bb9680ca500d6d9a377d451b56922ef Mon Sep 17 00:00:00 2001 From: Johannes Nussbaum Date: Mon, 12 Aug 2024 09:05:28 +0200 Subject: [PATCH 6/6] remove doap stuff --- dsp_permissions_scripts/doap/doap_model.py | 21 ----------------- dsp_permissions_scripts/doap/doap_set.py | 26 ---------------------- dsp_permissions_scripts/template.py | 9 -------- 3 files changed, 56 deletions(-) diff --git a/dsp_permissions_scripts/doap/doap_model.py b/dsp_permissions_scripts/doap/doap_model.py index faa2e875..fe71fa75 100644 --- a/dsp_permissions_scripts/doap/doap_model.py +++ b/dsp_permissions_scripts/doap/doap_model.py @@ -38,27 +38,6 @@ def assert_correct_combination(self) -> Self: return self -class NewDoapTarget(BaseModel): - """Represents the target of a DOAP that is yet to be created.""" - - group: Group | None = None - resource_class: str | None = None - property: str | None = None - - @model_validator(mode="after") - def assert_correct_combination(self) -> Self: - # asserts that DOAP is only defined for Group or ResourceClass or Property - # or a combination of ResourceClass and Property - match (self.group, self.resource_class, self.property): - case (None, None, None): - raise ValueError("At least one of group, resource_class or property must be set") - case (_, None, None) | (None, _, _): - pass - case _: - raise ValueError("Invalid combination of group, resource_class and property") - return self - - class DoapTargetType(Enum): ALL = "all" GROUP = "group" diff --git a/dsp_permissions_scripts/doap/doap_set.py b/dsp_permissions_scripts/doap/doap_set.py index 15448975..38d65a78 100644 --- a/dsp_permissions_scripts/doap/doap_set.py +++ b/dsp_permissions_scripts/doap/doap_set.py @@ -2,13 +2,10 @@ from dsp_permissions_scripts.doap.doap_get import create_doap_from_admin_route_response from dsp_permissions_scripts.doap.doap_model import Doap -from dsp_permissions_scripts.doap.doap_model import NewDoapTarget from dsp_permissions_scripts.models.errors import ApiError from dsp_permissions_scripts.models.scope import PermissionScope from dsp_permissions_scripts.utils.dsp_client import DspClient from dsp_permissions_scripts.utils.get_logger import get_logger -from dsp_permissions_scripts.utils.helpers import KNORA_ADMIN_ONTO_NAMESPACE -from dsp_permissions_scripts.utils.project import get_project_iri_and_onto_iris_by_shortcode from dsp_permissions_scripts.utils.scope_serialization import create_admin_route_object_from_scope logger = get_logger(__name__) @@ -38,26 +35,3 @@ def apply_updated_scopes_of_doaps_on_server(doaps: list[Doap], host: str, dsp_cl except ApiError as err: logger.error(err) logger.info(f"Finished updating scopes of {len(doaps)} DOAPs on {host}") - - -def create_new_doap_on_server( - target: NewDoapTarget, - shortcode: str, - scope: PermissionScope, - dsp_client: DspClient, -) -> Doap | None: - proj_iri, _ = get_project_iri_and_onto_iris_by_shortcode(shortcode, dsp_client) - payload = { - "forGroup": target.group.val.replace("knora-admin:", KNORA_ADMIN_ONTO_NAMESPACE) if target.group else None, - "forProject": proj_iri, - "forProperty": target.property, - "forResourceClass": target.resource_class, - "hasPermissions": create_admin_route_object_from_scope(scope), - } - try: - response = dsp_client.post("/admin/permissions/doap", data=payload) - logger.info(f"Successfully created new DOAP for target {target}") - return create_doap_from_admin_route_response(response["default_object_access_permission"]) - except ApiError: - logger.error(f"Could not create new DOAP for target {target}") - return None diff --git a/dsp_permissions_scripts/template.py b/dsp_permissions_scripts/template.py index 401dcd09..9b836eac 100644 --- a/dsp_permissions_scripts/template.py +++ b/dsp_permissions_scripts/template.py @@ -9,14 +9,11 @@ from dsp_permissions_scripts.ap.ap_set import create_new_ap_on_server from dsp_permissions_scripts.doap.doap_get import get_doaps_of_project from dsp_permissions_scripts.doap.doap_model import Doap -from dsp_permissions_scripts.doap.doap_model import NewDoapTarget from dsp_permissions_scripts.doap.doap_serialize import serialize_doaps_of_project from dsp_permissions_scripts.doap.doap_set import apply_updated_scopes_of_doaps_on_server -from dsp_permissions_scripts.doap.doap_set import create_new_doap_on_server from dsp_permissions_scripts.models import group from dsp_permissions_scripts.models.host import Hosts from dsp_permissions_scripts.models.scope import PUBLIC -from dsp_permissions_scripts.models.scope import PermissionScope from dsp_permissions_scripts.oap.oap_get import get_all_oaps_of_project from dsp_permissions_scripts.oap.oap_model import Oap from dsp_permissions_scripts.oap.oap_model import OapRetrieveConfig @@ -111,12 +108,6 @@ def update_doaps(host: str, shortcode: str, dsp_client: DspClient) -> None: mode="original", host=host, ) - _ = create_new_doap_on_server( - target=NewDoapTarget(group=group.CREATOR), - shortcode=shortcode, - scope=PermissionScope.create(CR=[group.SYSTEM_ADMIN]), - dsp_client=dsp_client, - ) project_doaps_modified = modify_doaps(doaps=project_doaps) if not project_doaps_modified: logger.info("There are no DOAPs to update.")